Как включить Legacy Boot на ThinkPad 2019 года?
У меня 2019 ThinkPad X390 с Windows 10 и я хочу установить Ubuntu. Я всегда использовал Legacy Boot ранее, а не UEFI, и хочу посмотреть, как это сделать. В UEFI-BIOS я вижу, что возможность изменить UEFI/Legacy Boot из UEFI Only в «Legacy Only» нельзя выбрать и рядом с ним написан текст
Как включить эту возможность?
0 ответов
У меня была такая же проблема на моем Lenovo t490. Я просто зашел на вкладку «Безопасность и виртуализация», там была опция «Защита DMA ядра», и я отключил ее. Теперь я могу включить устаревший режим.
Unselectable for kernel dma protection lenovo как отключить
Reddit and its partners use cookies and similar technologies to provide you with a better experience.
By accepting all cookies, you agree to our use of cookies to deliver and maintain our services and site, improve the quality of Reddit, personalize Reddit content and advertising, and measure the effectiveness of advertising.
By rejecting non-essential cookies, Reddit may still use certain cookies to ensure the proper functionality of our platform.
For more information, please see our Cookie Notice and our Privacy Policy .
Saved searches
Use saved searches to filter your results more quickly
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to disable Kernel DMA Protection #6750
How to disable Kernel DMA Protection #6750
Comments
I have an external gpu enclosure running on thunderbolt. Please let me know how to disable or uninstall Kernel DMA Protection. This keeps crashing my windows! I have checked my BIOS there is no option. This isn’t a hardware issue because I dual boot ubuntu and it is rock solid!
The text was updated successfully, but these errors were encountered:
It looks like this issue is resolved (thank you @RAJU2529). Closing.
Where is in the group policy edit? Which registry key is it?
If you think it is setting DeviceEnumerationPolicy to 2 to allow all. It isn’t. Please put down which registry to change and to what value to turn it completely off
Passing this feedback to a collaborator. Thanks.
Hello @pl6306 ,
Do you have registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\DisableExternalDMAUnderLock?
If yes, which value does it have?
I have checked my BIOS there is no option — have you checked Security>Virtualization tab?
@pl6306 Feel free to re-open to follow up with the response above. Thank you.
This is still a problem and the regedit above does not solve it. It does not turn off DMA kernel protection, which is causing our Thunderbolt devices to disconnect. (Sonnet Echo chassis with a Blackmagic Design Decklink Quad 2 inside)
We also have a Lenovo laptop, a Legion 7. Lenovo has removed the option to disable Kernel DMA protection from the UEFI bios and removed the possibility of accessing legacy bios for older machines.
a google search lead me here to disabling DMA kernel on a Lenovo. However, my Carbon X1 9th gen with TB4 does have a bios option of disabling kernel DMA — but yet, msinfo32 says its still on.
What was the resolution to this thread?
With the help of a Lenovo admin logon to BIOS I was able to force DMA kernel protection off. It was the IOMMU option nested deep in the CPU settings.
Computer Configuration
It does have TPM 2.0, and the status is “TPM is ready for use”.
Windows Security also says “Your device meets the requirements for enhanced hardware security.” (that means this.)
(p.s. – my system had official support for upgrade to Windows 11. It’s not “unsupported”.)
Problem
On msinfo32, I see the following –
Kernel DMA Protection: Off
Device Encryption Support: Reasons for failed automatic device
encryption: Hardware Security Test Interface failed and device is not
Modern Standby
Troubleshoot Done so far
I found this MS page, that says
- Reboot into BIOS settings
- Turn on Intel Virtualization Technology.
- Turn on Intel Virtualization Technology for I/O (VT-d). In Windows 10 version 1803, only Intel VT-d is supported. Other platforms can
use DMA attack mitigations described in BitLocker countermeasures. - Reboot system into Windows.
I checked in my BIOS and “Intel Virtualization Technology” is already enabled. I disabled -> rebooted -> enabled -> rebooted; just in case. Still had same situation at the end.
If I plug in any drive to the Thunderbolt 3 port, for example an external usb drive, then a new “Intel(R) USB 3.1 eXtensible Host Controller – 1.10 (Microsoft)” entry pops up in device manager, and that does have “DMA remapping policy” = 00000002. So, looks like it supports DMA remapping.
powercfg /a says my laptop is currently supporting standard standby (S3) only, not modern standby (S0). Found an article that said “set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\CsEnabled to 0.” I did that, but it had no effect.
Looking for
Any help enabling Kernel DMA Protection and Device Encryption support. Thanks for reading and any possible guidance.